December marked a moment of reflection and steady progress across the WordPress ecosystem. The community closed the year with a significant core release, continued work on long-term features, and meaningful developments across plugins, themes, hosting, and education.
From platform updates to community initiatives and security awareness, this edition captures the key movements that shaped WordPress as it prepared to enter a new year with stability and confidence.
Mergers, Acquisitions, and Investments
December 2020 saw a few notable moves that reflected consolidation and strategic growth within the WordPress and hosting ecosystem. These developments highlighted a focus on expanding capabilities, strengthening infrastructure, and enhancing user-facing products.
Cloud Equity Group Expands Hosting Portfolio
In December 2020, Cloud Equity Group announced the acquisition of two Canada-based hosting providers, Cirrus Hosting and HostMDS. This move strengthened Cloud Equity Group’s presence in the North American hosting market and aligned with its strategy of building a broader portfolio of managed hosting brands.
The acquisitions aimed to improve service offerings while maintaining the independent identity of each hosting provider.
Angry Creative and Pragmatic Join Forces
Angry Creative completed the acquisition of Pragmatic, bringing together two agencies with complementary strengths. The acquisition focused on combining design, development, and WordPress expertise to better serve clients with complex digital needs.
This move reflected a growing trend of agencies scaling through strategic partnerships rather than organic growth alone.
Automattic Acquires MailPoet
Automattic acquired MailPoet, a popular email marketing plugin built specifically for WordPress. The acquisition marked an important step in strengthening Automattic’s ecosystem by integrating email marketing more closely with WordPress and WooCommerce.
MailPoet continued to operate as a dedicated product while benefiting from Automattic’s resources and long-term platform vision.
WordPress Core Updates
WordPress 5.6, named “Simone,” was released on December 8, 2020. This was the final major WordPress core release of the year and focused on stability, usability, and long-term maintenance.
The release introduced the Twenty Twenty-One default theme, designed for simplicity, accessibility, and flexible layouts. It also improved the block editor with better layout tools and block patterns, making content creation easier for users.
WordPress 5.6 added support for automatic updates for major releases, giving site owners more control over security and maintenance. No other WordPress core releases or major core updates were announced during December 2020.
Other WordPress News
December 2020 included several important updates beyond core development. These announcements highlighted progress in education, community engagement, and long-term platform evolution within the WordPress ecosystem.
Learn WordPress Officially Launches
Learn WordPress, a new free and on-demand learning platform, officially launched on December 15, 2020. It offers structured workshops, lesson plans, quizzes, and courses for WordPress users and contributors. The launch strengthened the project’s focus on education and skill development within the community.
“State of the Word” 2020 Goes Fully Online
Matt Mullenweg delivered the annual “State of the Word” address on December 17, 2020. Due to the pandemic, the event was streamed online for the first time and followed by a live Q&A session. The keynote reflected on the year’s progress and outlined priorities for the WordPress project.
Full Site Editing Progress Continues
Development and testing for Full Site Editing continued throughout December 2020. Contributor teams began the Full Site Editing outreach program to gather early user feedback. This work supported ongoing efforts under Gutenberg Phase 2.
WordPress 5.6 “Simone” Release Highlights
WordPress 5.6, released on December 8, 2020, remained the most notable update of the month. The release was led by an all-women release squad and introduced features such as major auto-updates, the Twenty Twenty-One theme, and beta compatibility with PHP 8.
Security Alerts & Plugin Vulnerabilities
December 2020 highlighted the importance of keeping WordPress plugins updated. Several widely used plugins reported critical security vulnerabilities during the month, some of which could lead to full site compromise if left unpatched.
These incidents underscored the importance of regular updates, security monitoring, and proactive maintenance for WordPress websites.
Key Plugin Vulnerabilities in December 2020
The following popular plugins reported significant security issues that were addressed through patches during December 2020:
- Contact Form 7 (versions before 5.3.2): One of the most widely used WordPress form plugins, Contact Form 7, was affected by a critical unrestricted file upload vulnerability (CVE-2020-35489). The issue allowed attackers to bypass file validation and upload executable scripts, potentially leading to full site takeover. A patch was released on December 17, 2020.
- NextGEN Gallery (versions before 3.5.0): NextGEN Gallery reported multiple serious vulnerabilities, including Cross-Site Request Forgery (CSRF), Remote Code Execution (RCE), and Cross-Site Scripting (XSS). These issues could allow attackers to execute malicious code or manipulate site content. Version 3.5.0 was released to address the vulnerabilities, and users were advised to update immediately.
- Easy WP SMTP (versions before 1.4.3): A high-severity vulnerability was disclosed in Easy WP SMTP that allowed unauthenticated users to reset administrator passwords. The issue was reported on December 7, 2020, and posed a significant risk to site access and control. An update was released to fix the flaw.
- Popup Builder (versions before 3.7.2): Popup Builder was found to have multiple authorization issues related to improperly secured AJAX actions. These flaws could allow unauthorized users to perform restricted actions. Partial fixes were introduced in December 2020, with a full patch released in January 2021.
Overall, December 2020 served as a reminder that plugin vulnerabilities remain a key security risk. Site owners were encouraged to apply updates promptly and follow best practices for WordPress security.
Theme of the Month: Beaver Builder
Beaver Builder stands out as a reliable page builder for WordPress users who want design flexibility without added complexity. Its front-end visual editing experience allows users to build responsive layouts while maintaining clean and efficient code.
Strong compatibility with themes and plugins makes Beaver Builder a trusted choice for developers, agencies, and site owners focused on long-term stability.
Plugin of the Month: WPForms
WPForms remains one of the most widely used form builder plugins in the WordPress ecosystem. Its drag-and-drop interface makes form creation easy for beginners, while advanced features support lead generation, surveys, and payment forms.
The plugin balances ease of use with performance and security, making it suitable for websites of all sizes.
Agency of the Month: Seahawk Media
Seahawk Media continues to be recognized for its white-label WordPress services, including design, development, and ongoing support. The agency works closely with hosting providers and businesses to deliver scalable and consistent WordPress solutions.
Its focus on performance, reliability, and long-term partnerships has helped establish a strong reputation within the WordPress community.
Host of the Month: BigScoots
BigScoots is known for its managed WordPress hosting and customer-first support model. The hosting provider offers performance-focused infrastructure combined with hands-on technical assistance.
This approach makes BigScoots a dependable option for businesses that need stability, security, and responsive support for their WordPress websites.
Founder of the Month: Matt Cromwell
Matt Cromwell, co-founder of GiveWP, has contributed significantly to nonprofit fundraising within WordPress. His work enabled organizations to accept donations easily while maintaining transparency and control.
GiveWP expanded WordPress use cases beyond publishing into social impact and community fundraising.
Looking Ahead to January 2021
January 2021 is expected to focus on refining the changes introduced in WordPress 5.6. Developers and contributors will continue improving performance, accessibility, and block editor stability as adoption of the new release grows.
Attention is also likely to remain on Full Site Editing development, with more testing and feedback shaping Gutenberg Phase 2. Plugin and theme authors are expected to release compatibility updates, especially around PHP 8 support, as the ecosystem prepares for a new year of steady progress and innovation.